By BeauHD from Slashdot's take-matters-into-your-own-hands department:An anonymous reader quotes a report from TechCrunch: Google dropped a single National Security Letter into its most recent transparency report without much fanfare, but today the company published eight more NSLs in an attempt to shed more light on government surveillance of Google users. The eight letters published today were sent to Google from FBI offices across the country. Cumulatively, the NSLs seek broad access to content for around 20 user accounts. The names of the targets are redacted, but most of the letters seek access to Gmail accounts. The NSLs were sent to Google over a five-year period, from 2010 to 2015, with the majority coming from the Charlotte, North Carolina field office of the FBI. Others came from Florida, Arizona, New York, and California. "In our continued effort to increase transparency around government demands for user data, today we begin to make available to the public the National Security Letters (NSLs) we have received where, either through litigation or legislation, we have been freed of nondisclosure obligations," Richard Salgado, Google's director of law enforcement and information security, wrote in a blog post. Google has fought to make the letters public in part because the FBI can issue them without prior judicial oversight.

By BeauHD from Slashdot's auto-correct department:tomhath quotes a report from The Hill: Last March, Podesta received an email purportedly from Google saying hackers had tried to infiltrate his Gmail account. When an aide emailed the campaign's IT staff to ask if the notice was real, Clinton campaign aide Charles Delavan replied that it was "a legitimate email" and that Podesta should "change his password immediately." Instead of telling the aide that the email was a threat and that a good response would be to change his password directly through Google's website, he had inadvertently told the aide to click on the fraudulent email and give the attackers access to the account. Delavan told The New York Times he had intended to type "illegitimate," a typo he still has not forgiven himself for making. The email was a phishing scam that ultimately revealed Podesta's password to hackers. Soon after, WikiLeaks began releasing 10 years of his emails.

By BeauHD from Slashdot's constitutional-protections department:A Florida appeals court has reversed a decision by a previous judge and ruled that a suspected voyeur can be made to reveal his iPhone passcode to police. "The defendant was arrested after a woman out shopping saw a man crouch down and aim what she believed was a smartphone under her skirt," reports BBC: Store CCTV captured footage of a man crouched down, holding an illuminated device and moving it towards the victim's skirt, according to court documents published by news site Courthouse News. Aaron Stahl was identified by law enforcement officers who reviewed the footage, according to court documents. After his arrest, Mr Stahl initially agreed to allow officers to search his iPhone 5, which he told them was at his home. However, once it had been retrieved by police - but before he had revealed his passcode - he withdrew consent to the search. The trial court had decided that Mr Stahl could be protected by the Fifth Amendment, which is designed to prevent self-incrimination. However, Judge Anthony Black's formal opinion to the court quashed the decision. Judge Black referred to a famous Supreme Court case, Doe v US 1988, in which Justice John Paul Stevens wrote that a defendant could be made to surrender a key to a strongbox containing incriminating documents but they could not "be compelled to reveal the combination to his wall safe." "We question whether identifying the key which will open the strongbox - such that the key is surrendered - is, in fact, distinct from telling an officer the combination," wrote Judge Black. "More importantly, we question the continuing viability of any distinction as technology advances."

By BeauHD from Slashdot's smile-and-wave department:An anonymous reader quotes a report from The Hill: The Obama administration released a long-awaited rule on Tuesday requiring all new vehicles to have communication technology that allows them to "talk" to each another, which officials say could prevent tens of thousands of crashes each year. The proposal calls for all new light-duty cars and trucks to eventually be equipped with vehicle-to-vehicle (V2V) technology, a safety system that enables cars to send wireless signals to each other, anticipate each other's moves and thus avoid crashes. The rule would require 100 percent of new vehicle fleets to have V2V technology within four years of the final rule's enactment. The proposal will be open for public comment for 90 days. The connected vehicle rule builds on previous work by the outgoing administration to accelerate the deployment of innovative safety technology. The Department of Transportation released the first-ever federal guidelines for driverless cars in September. "We are carrying the ball as far as we can to realize the potential of transportation technology to save lives," said Transportation Secretary Anthony Foxx. "This long-promised V2V rule is the next step in that progression. Once deployed, V2V will provide 360-degree situational awareness on the road and will help us enhance vehicle safety." Officials say V2V has the potential to mitigate 80 percent of non-impaired crashes and can interact with other crash avoidance systems, like automatic braking. V2V uses dedicated short-range radio communications to exchange messages about a car's speed, direction and location. The system uses that information from other vehicles to identify potentials risks and warn its driver. A pair of Democratic senators called on the agency to ensure that vehicles have "robust" cybersecurity and privacy protections in place before automakers deploy V2V.

By msmash from Slashdot's it's-simple department:Apple has removed the "time remaining" battery life indicator with the new macOS Sierra update following complaints from several users of new MacBook Pro models. Apple says it stands by its 10-hour battery life claim in the new MacBook Pro models, and adds that the battery life indicator didn't show accurate information. From a report on The Loop: You can still see the image on the top of the screen, and you can see the percentage, but you will no longer be able to see how much time is remaining before your battery dies. [...] Apple said the percentage is accurate, but because of the dynamic ways we use the computer, the time remaining indicator couldn't accurately keep up with what users were doing. Everything we do on the MacBook affects battery life in different ways and not having an accurate indicator is confusing. Besides the apps we are working on all the time, there are a lot of things that are happening in the background that users may not be aware of that affects battery life.

By msmash from Slashdot's he-says-she-says department:Uber is defending the scope of its privacy practices after a wide-ranging report alleged employees were tracking individual riders. From a CNBC report: "We have hundreds of security and privacy experts working around the clock to protect our data," Uber told "Reveal" in a statement. Additionally, Uber told CNBC that it is continuing to increase its security investments. The company pointed to workers that needed data for their roles, such as anti-fraud experts, or employees that validate driver insurance documents or investigate traffic incidents. "It's absolutely untrue that 'all' or 'nearly all' employees have access to customer data, with or without approval," Uber said. "We have built [an] entire system to implement technical and administrative controls to limit access to customer data to employees who require it to perform their jobs. This could include multiple steps of approval -- by managers and the legal team -- to ensure there is a legitimate business case for providing access." According to legal documents filed by ex-employee Ward Spangenberg in October and reported by The Center for Investigative Reporting on Monday, "Uber's lack of security regarding its customer data was resulting in Uber employees being able to track high profile politicians, celebrities, and even personal acquaintances of Uber employees, including ex-boyfriends/girlfriends, and ex-spouses."

By msmash from Slashdot's things-google-does department:Google wants to put Android in the next wave of smart devices that'll be vying to fill up your home. It's launching a version of Android today called Android Things that can run on products like connected speakers, security cameras, and routers. A report adds: The OS is supposed to make it easier for companies to start shipping hardware, since they'll be able to work with the Android dev tools they already know. Android Things is a new name, but the operating system itself isn't strictly new. It's basically an update and a rebranding to Brillo, an Android-based OS for smart devices and Internet of Things products announced a little more than a year and a half ago. Brillo has -- publicly, at least -- gone close to nowhere. It was more or less a no-show at CES last year, and there's been little mention of it since. But today's rebranding marks a key update meant to make developing a product with this operating system much easier. Unlike Brillo, development on Android Things can be accomplished with "the same developer tools as standard Android," according to Google. The hope is that experienced developers will be able to quickly get up to speed and start work on a new product.ArsTechnica has more details.

By msmash from Slashdot's no-hurry department:NASA says the first crewed test flight of SpaceX's Dragon vehicle has been delayed until May 2018. From a report on The Verge: In the wake of its September 1st rocket explosion, SpaceX has officially delayed the first crewed flight of its Crew Dragon vehicle -- the capsule that the company is building to take NASA astronauts to and from the International Space Station. Originally planned for late 2017, the first flight of the Crew Dragon with people on board is now slated to take place in May of 2018, according to a NASA blog post. Prior to that flight, SpaceX will perform a demonstration mission of Crew Dragon in November 2017 -- a flight that won't include any astronauts. There had been heavy speculation that the flight would be delayed following the accident, in which a Falcon 9 rocket exploded as it was being fueled on a Florida launch pad. And SpaceX says the move was made as the company finalizes its investigation into the accident. "As this investigation has been conducted, our Commercial Crew team has continued to work closely with NASA and is completing all planned milestones for this period," SpaceX said in a statement to The Verge. "We are carefully assessing our designs, systems, and processes taking into account the lessons learned and corrective actions identified. Our schedule reflects the additional time needed for this assessment and implementation."

By msmash from Slashdot's taking-a-stand department:The Department of Energy said Tuesday it will reject the request by President-elect Donald Trump's transition team to name staffers who worked on climate change programs. Energy spokesman Eben Burnhan-Snyder said the agency received "significant feedback" from workers regarding a questionnaire from the transition team that leaked last week. From a Reuters story, syndicated on BusinessInsider: The response from the Energy Department could signal a rocky transition for the president-elect's energy team and potential friction between the new leadership and the staffers who remain in place. The memo sent to the Energy Department on Tuesday and reviewed by Reuters last week contains 74 questions including a request for a list of all department employees and contractors who attended the annual global climate talks hosted by the United Nations within the last five years. "Our career workforce, including our contractors and employees at our labs, comprise the backbone of (the Energy Department) and the important work our department does to benefit the American people," Eben Burnham-Snyder, Energy Department spokesman said. "We are going to respect the professional and scientific integrity and independence of our employees at our labs and across our department," he added. "We will be forthcoming with all publicly available information with the transition team. We will not be providing any individual names to the transition team."

By msmash from Slashdot's making-sense department:If you were holding out hope that Android and Chrome would one day merge into some kind of super OS that marries the desktop and mobile worlds once and for all, Google's senior vice president for Android, Chrome, and Chromecast Hiroshi Lockheimer has some bad news for you: It's not happening. From a PCWorld report: Speaking on the All About Android podcast, the mobile chief threw a giant bucket of cold water on the idea that the two platforms would eventually converge, despite recent rumors that suggest such a project is already in development at Google. "There's no point in merging them," Lockheimer said, pointing out sales of that Chromebooks overtook Macs in the first quarter of this year. "They're both successful." He added, Google's aim is "to make sure that both sides benefit from each other. ... You'll see a lot more of that happening, where we're cross-pollinating, but not a merge."

By msmash from Slashdot's explain-like-I-am-5 department:China may have been hoping to attract tech talent to its nation, but it is unlikely that people in the tech industry will move there. A columnist at Bloomberg explains why: The biggest problem is government control of the internet. For a software developer, the inconvenience goes well beyond not being able to access YouTube during coffee breaks. It means that key software libraries and tools are often inaccessible. In 2013, China blocked Github, a globally important open-source depository and collaboration tool, thereby forcing developers to seek workarounds. Using a virtual private network to "tunnel" through the blockades is one popular option. But VPNs slow uploads, downloads and collaboration. And it isn't just developers who suffer. Among the restricted sites in China is Google Scholar, a tool that indexes online peer-reviewed studies, conference proceedings, books and other research material into an easily accessible format. It's become a crucial database for academics around the world, and Chinese researchers -- even those with VPNs -- struggle to use it. The situation grew so dire this summer that several state-run news outlets published complaints from Chinese scientists, with one practically begging the nationalist Global Times newspaper: "We hope the government can relax supervision for academic purposes." The cumulative impact of these restrictions is significant. Scientists unable to keep up with what researchers in other countries are publishing are destined to be left behind, which is one reason China is having difficulty luring foreign scholars to its universities. Programmers who can't take advantage of the sites and tools that make development a global effort are destined to write software customized solely for the Chinese market. The author has raised several other reasons to make his case.

By msmash from Slashdot's fake-products department:Following a lawsuit revealed back in October in which Apple exposed an issue with a large percentage of fake Apple adapters being marketed as "genuine" online, today the company has posted an official warning to customers. From a report on 9to5Mac: The message, posted on the front page of the company's support webpage, warns customers that counterfeit power adapters and batteries could pose safety issues. The company also offers customers that might have had a recent battery replacement the option to bring in their devices to an Apple Store or authorized service provider to check if the battery is genuine.

By msmash from Slashdot's security-woes department:An anonymous reader writes: Security researchers have found malware hidden in the firmware of several low-end Android smartphones and tablets, malware which is used to show ads and install unwanted apps on the devices of unsuspecting users. 26 Android device models have been found to be vulnerable. The common link between all these devices is that all are low-cost devices, mostly marketed in Russia, and which run on MediaTek chipsets. According to security researchers from Dr.Web, a Russian antivirus vendor, the malware appears to have been added to the firmware by "dishonest outsourcers who took part in [the] creation of Android system images decided to make money on users." The security firm has informed MediaTek and the device vendors about this issue so the affected companies can inspect their distribution chain and find the possible culprits.

By msmash from Slashdot's change-in-plans department:Google has reportedly shelved its long-standing plan to develop its own autonomous vehicle in favor of pursuing partnerships with existing car makers. From an article on TechCrunch: The Information reports that Google's self-driving car unit -- known internally as Chauffeur -- is working with established automotive names to develop cars which will include some self-driving features, but won't ditch the steering wheel and pedal controls. The firm is already working with Fiat Chrysler, per a partnership announced in May, and that could be the start of others to come. Google first set out to do away with the steering wheel and pedals approach, but this backtrack is from Alphabet CEO Larry Page and CFO Ruth Porat who found the original approach to be "impractical," according to the report. That's despite Google's autonomous vehicles clocking over two million miles of tests on public roads.

By msmash from Slashdot's more-hacks department:Cyber attacks targeting the global bank transfer system have succeeded in stealing funds since February's heist of $81 million from the Bangladesh central bank as hackers have become more sophisticated in their tactics, according to a SWIFT official and a previously undisclosed letter the organization sent to banks worldwide. From a report on Reuters: The messaging network in a Nov. 2 letter seen by Reuters warned banks of the escalating threat to their systems, according to the SWIFT letter. The attacks and new hacking tactics underscore the continuing vulnerability of the SWIFT messaging network, which handles trillions of dollars in fund transfers daily. "The threat is very persistent, adaptive and sophisticated -- and it is here to stay," SWIFT said in the November letter to client banks, seen by Reuters. The disclosures provide fresh evidence that SWIFT remains at risk of attacks nearly a year after funds were stolen from a Bangladesh Bank account at the Federal Reserve Bank of New York. The unprecedented cyber theft prompted regulators around the globe to tighten bank security requirements, amidst a global investigation by the FBI, Bangladesh authorities and Interpol.

By msmash from Slashdot's imminent-plans department:Microsoft plans to add Cortana support to Windows 10 IoT Core devices with screens as part of its Windows 10 Creators Update release. ZDNet adds: That's according to information Microsoft officials provided to the company's OEM partners at WinHEC 2016 in Shenzhen last week, in a session titled "Cortana and the Speech Platform." Microsoft Principal Program Manager May Ji outlined the ways that Microsoft wants its PC and device partners to make use of new "Wake on Voice from Modern Standby" and "Far-field Voice" support that's being added to Windows 10 with the Creators Update that's due out in the Spring of 2017. Wake on Voice from Modern Standby is a feature that allows Cortana to turn on PCs from off to a full-powered state on devices with Windows 10 "Modern Standby" power-management support. Far-field voice is what will allow Cortana to work in rooms with ambient noise at a distance of up to 13 feet/4 meters away.

By BeauHD from Slashdot's cease-and-desist department:An anonymous reader quotes a report from ZDNet: A security research firm has released details of a "critical" flaw in a security tool, despite being threatened with legal threats. The advisory said that an attacker could "manipulate accounting documents and financial results, bypass change management controls, and bypass segregation of duties restrictions," which could result in "fraud, theft or manipulation of sensitive data," as well as the "unauthorized payment transactions and transfer of money." An attacker could also add a backdoor to the affected server, the advisory said. The researchers contacted and met with PwC in August to discuss the scope of the flaw. As part of its responsible disclosure policy, the researchers gave PwC three months to fix the flaw before a public advisory would be published. Three days later, the corporate giant responded with legal threats. A portion of the cease-and-desist letter, seen by ZDNet, said that PwC demanded the researchers "not release a security advisory or similar information" relating to the buggy software. The legal threat also said that the researchers are not to "make any public statements or statements to users" of the software. The researchers told PwC that they would publicly disclose their findings once the three-month window expires, which is in line with industry standard disclosure practices. That was when PwC hit the security firm with a second cease-and-desist letter. Undeterred, the researchers released a security advisory a little over two weeks later.

By BeauHD from Slashdot's another-day-another-hack department:Quest Diagnostics has said in a statement that a hack of an internet application on its network has exposed the personal health information of nearly 34,000 people. "Quest Diagnostics has notified affected individuals via mail and established a dedicated toll-free number to call with questions regarding this incident," the company said. CBS News reports: The Madison, New Jersey-based company says âoean unauthorized third partyâ on Nov. 26 gained access to customer information including names, dates of birth, lab results and in some instances, telephone numbers. The stolen data did not include Social Security numbers, credit card accounts, insurance details or any other financial information. Quest said Monday it is working with a cybersecurity firm and law enforcement to investigate the breach, while taking steps to prevent similar incidents from recurring. If you think you're affected by this hack, you can call (888) 320-9970.

By BeauHD from Slashdot's surprise-party department:An anonymous reader quotes a report from The Guardian: Emissions of the powerful greenhouse gas methane have surged in the past decade, threatening to thwart global attempts to combat climate change. Scientists have been surprised by the surge, which began just over 10 years ago in 2007 and then was boosted even further in 2014 and 2015. Concentrations of methane in the atmosphere over those two years alone rose by more than 20 parts per billion, bringing the total to 1,830ppb. This is a cause for alarm among global warming scientists because emissions of the gas warm the planet by more than 20 times as much as similar volumes of carbon dioxide. In the meantime, emissions of carbon dioxide -- the main component of manmade greenhouse gases in the atmosphere -- have been leveling off. The new research, published in the peer-review journal Environmental Research Letters, suggests that the world's attempts to control greenhouse gases have failed to take account of the startling rises in methane. The authors of the 2016 Global Methane Budget report found that in the early years of this century, concentrations of methane rose by only about 0.5ppb each year, compared with 10ppb in 2014 and 2015. The scientists speculate that agriculture may be the main source of the additional methane that has been recorded. However, they cannot be sure of all the sources, owing to a lack of monitoring. At least a third of methane comes from the exploitation of fossil fuels, including fracking and oil drilling and some coal mining, where methane is viewed as a waste gas and is frequently allowed to escape or, in some cases, flared off, which is less harmful. Unlike carbon dioxide emissions, however, which have been tracked in various ways since the 1950s, emissions of methane are poorly understood and could represent a threat that scientists have still not accounted for.

By BeauHD from Slashdot's local-area-network department:Google has signed a deal with the Cuban government on Monday that will grant internet users in the Communist-run country quicker access to its branded content. Google plans to install servers on the island that will store a majority of its most popular content. ABC News reports: Storing Google data in Cuba eliminates the long distances that signals must travel from the island through Venezuela to the nearest Google server. More than a half century after cutting virtually all economic ties with Cuba, the U.S. has no direct data link to the island. The deal announced Monday removes one of the many obstacles to a normal internet in Cuba, which suffers from some of the world's most limited and expensive access. Home connections remain illegal for most Cubans and the government charges the equivalent of a month's average salary for 10 hours of access to public WiFi spots with speeds frequently too slow to download files or watch streaming video. The deal does not affect Cuba's antiquated communications infrastructure or broaden public access to the internet, but it could make Google websites like YouTube or Gmail up to 10 times faster for users inside Cuba. Content hosted by other companies will not be affected.